Network security protocols need high configuration workload. We propose a new protocol to reduce this issue: our "Security Capabilities Over Unsecured Topology" (SCOUT) protocol has been designed to search at each IP-based node for the security supported mechanisms on the remote nodes and then to invoke an adequate security channel establishment mechanism. If the remote node does not support any compatible security features, the SCOUT protocol will try to secure the flow at least up the router in the neighborhood of the node. This protocol avoids the administrator manually managing a tunnel for each couple of nodes. This reduces administrator workload and increases network security deployment scalability. We complete the SCOUT protocol presentation by an evaluation of experimental performance and an analysis of vulnerability.